Bug 1567418. Try to diagnose crash in png decoder. r=aosmond
authorTimothy Nikkel <tnikkel@gmail.com>
Fri, 30 Aug 2019 11:27:58 +0000
changeset 554739 c9487e92cf629f7ce92fe5074323fdfb46562a2b
parent 554738 d6aa2851ca9612c23409d5194fe2d912a9748958
child 554740 98bdc3047120ee9d3700f4c13bc09b0db585c58f
push id2165
push userffxbld-merge
push dateMon, 14 Oct 2019 16:30:58 +0000
treeherdermozilla-release@0eae18af659f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaosmond
bugs1567418
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1567418. Try to diagnose crash in png decoder. r=aosmond Call WriteRow from a different line number if we have an interlacing buffer. I think the compiler shouldn't be able to optimize these into the same code, and so we should be able to distinguish them. Differential Revision: https://phabricator.services.mozilla.com/D44061
image/decoders/nsPNGDecoder.cpp
--- a/image/decoders/nsPNGDecoder.cpp
+++ b/image/decoders/nsPNGDecoder.cpp
@@ -818,29 +818,31 @@ void nsPNGDecoder::row_callback(png_stru
     // didn't, we might overflow the deinterlacing buffer.
     MOZ_ASSERT_UNREACHABLE("libpng producing extra rows?");
     return;
   }
 
   // Note that |new_row| may be null here, indicating that this is an interlaced
   // image and |row_callback| is being called for a row that hasn't changed.
   MOZ_ASSERT_IF(!new_row, decoder->interlacebuf);
-  uint8_t* rowToWrite = new_row;
 
   if (decoder->interlacebuf) {
     uint32_t width = uint32_t(decoder->mFrameRect.Width());
 
     // We'll output the deinterlaced version of the row.
-    rowToWrite = decoder->interlacebuf + (row_num * decoder->mChannels * width);
+    uint8_t* rowToWrite =
+        decoder->interlacebuf + (row_num * decoder->mChannels * width);
 
     // Update the deinterlaced version of this row with the new data.
     png_progressive_combine_row(png_ptr, rowToWrite, new_row);
+
+    decoder->WriteRow(rowToWrite);
+  } else {
+    decoder->WriteRow(new_row);
   }
-
-  decoder->WriteRow(rowToWrite);
 }
 
 void nsPNGDecoder::WriteRow(uint8_t* aRow) {
   MOZ_ASSERT(aRow);
 
   uint8_t* rowToWrite = aRow;
   uint32_t width = uint32_t(mFrameRect.Width());